Ticket sales for performance events hit a sour note late Wednesday night as Ticketfly’s website became defaced and a hacker claimed to have seized its customer database.

Ticketfly’s website was still down as of late Thursday afternoon. When it became compromised, the hacker posted an image of a Guy Fawkes mask, with the message, “Ticketfly HacKeD By IsHaKdZ,” along with “Your Security Down im Not Sorry.”

Visiting Ticketfly’s site, users discovered the following message:

Following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly has been the target of a cyber incident. Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible. Please check back later.

According to Lorenzo Franceschi-Bicchierai, who reports for Motherboard, when Ticketfly was contacted for comment, the company sent back the exact same statement that appears on its site. “The company did not say whether any event tickets were stolen or otherwise compromised,” writes Franceschi-Bicchierai.

Interestingly, Motherboard and the alleged hacker exchanged emails. “The hacker claimed to have warned Ticketfly of a vulnerability that allowed them to take control of ‘all database’ for Ticketfly and its website. The hacker said they asked for 1 bitcoin to share the details of the vulnerability but did not get a reply. The hacker shared what appears to be two emails between him and a series of Ticketfly employees in which the hacker mentions the vulnerability,” reports Franceschi-Bicchierai.

As a show of evidence, the hacker referred Motherboard to a server where they say they uploaded hacked files. When Motherboard investigated, it found what seemed to be personal data of Ticketfly customers and employees, including names, home and email addresses, and phone numbers, according to Franceschi-Bicchierai.

While the hacker’s claim that they warned Ticketfly remains unconfirmed, Motherboard was able to confirm the personal data of six users on the server, signaling that the data breach appears to be legitimate.

Get the full story at Motherboard.